From 8b8737221d88edb239b5d226625b394fb9a4f980 Mon Sep 17 00:00:00 2001
From: Jason Ertel <jason.ertel@securityonionsolutions.com>
Date: Wed, 11 Sep 2024 09:28:17 -0400
Subject: [PATCH] mark specific settings as allowed to include Jinja

---
 salt/soc/soc_soc.yaml | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/salt/soc/soc_soc.yaml b/salt/soc/soc_soc.yaml
index 308044d50..760001120 100644
--- a/salt/soc/soc_soc.yaml
+++ b/salt/soc/soc_soc.yaml
@@ -117,6 +117,7 @@ soc:
             syntax: yaml
             helpLink: notifications.html
             forcedType: string
+            jinjaEscaped: True
           additionalSev1Alerters:
             title: "Notifications: Sev 1/Informational Alerters"
             description: "Specify specific alerters to use when alerting at the info severity level or higher. These alerters will be used unless overridden by higher severity alerter settings. Specify one alerter name (Ex: 'email') per line. Alerters refers to ElastAlert 2 alerters, as documented at https://elastalert2.readthedocs.io. A full update of the ElastAlert rule engine, via the Detections screen, is required in order to apply these changes. Requires a valid Security Onion license key."
@@ -132,6 +133,7 @@ soc:
             syntax: yaml
             helpLink: notifications.html
             forcedType: string
+            jinjaEscaped: True
           additionalSev2Alerters:
             title: "Notifications: Sev 2/Low Alerters"
             description: "Specify specific alerters to use when alerting at the low severity level or higher. These alerters will be used unless overridden by higher severity alerter settings. Specify one alerter name (Ex: 'email') per line. Alerters refers to ElastAlert 2 alerters, as documented at https://elastalert2.readthedocs.io. A full update of the ElastAlert rule engine, via the Detections screen, is required in order to apply these changes. Requires a valid Security Onion license key."
@@ -147,6 +149,7 @@ soc:
             syntax: yaml
             helpLink: notifications.html
             forcedType: string
+            jinjaEscaped: True
           additionalSev3Alerters:
             title: "Notifications: Sev 3/Medium Alerters"
             description: "Specify specific alerters to use when alerting at the medium severity level or higher. These alerters will be used unless overridden by higher severity alerter settings. Specify one alerter name (Ex: 'email') per line. Alerters refers to ElastAlert 2 alerters, as documented at https://elastalert2.readthedocs.io. A full update of the ElastAlert rule engine, via the Detections screen, is required in order to apply these changes. Requires a valid Security Onion license key."
@@ -162,6 +165,7 @@ soc:
             syntax: yaml
             helpLink: notifications.html
             forcedType: string
+            jinjaEscaped: True
           additionalSev4Alerters:
             title: "Notifications: Sev 4/High Alerters"
             description: "Specify specific alerters to use when alerting at the high severity level or critical severity level. These alerters will be used unless overridden by critical severity alerter settings. Specify one alerter name (Ex: 'email') per line. Alerters refers to ElastAlert 2 alerters, as documented at https://elastalert2.readthedocs.io. A full update of the ElastAlert rule engine, via the Detections screen, is required in order to apply these changes. Requires a valid Security Onion license key."
@@ -177,6 +181,7 @@ soc:
             syntax: yaml
             helpLink: notifications.html
             forcedType: string
+            jinjaEscaped: True
           additionalSev5Alerters:
             title: "Notifications: Sev 5/Critical Alerters"
             description: "Specify specific alerters to use when alerting at the critical severity level. Specify one alerter name (Ex: 'email') per line. Alerters refers to ElastAlert 2 alerters, as documented at https://elastalert2.readthedocs.io. A full update of the ElastAlert rule engine, via the Detections screen, is required in order to apply these changes. Requires a valid Security Onion license key."
@@ -192,6 +197,7 @@ soc:
             syntax: yaml
             helpLink: notifications.html
             forcedType: string
+            jinjaEscaped: True
           additionalUserDefinedNotifications:
             customAlerters:
               description: "Specify custom notification alerters to use when the Sigma rule contains the following tag: so.alerters.customAlerters. This setting can be duplicated to create new custom alerter configurations. Specify one alerter name (Ex: 'email') per line. Alerters refers to ElastAlert 2 alerters, as documented at https://elastalert2.readthedocs.io. A full update of the ElastAlert rule engine, via the Detections screen, is required in order to apply these changes. Requires a valid Security Onion license key."
@@ -208,6 +214,7 @@ soc:
               helpLink: notifications.html
               duplicates: True
               forcedType: string
+              jinjaEscaped: True
           autoEnabledSigmaRules:
             default: &autoEnabledSigmaRules
               description: 'Sigma rules to automatically enable on initial import. Format is $Ruleset+$Level - for example, for the core community ruleset and critical level rules: core+critical. These will be applied based on role if defined and default if not.'